RETIRED: Microsoft November Advance Notification Multiple Vulnerabilities
BID:20991
Info
RETIRED: Microsoft November Advance Notification Multiple Vulnerabilities
| Bugtraq ID: | 20991 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Nov 09 2006 12:00AM |
| Updated: | Apr 17 2007 05:21PM |
| Credit: | Reported by the vendor. |
| Vulnerable: |
Microsoft XML Core Services 6.0 Microsoft XML Core Services 5.0 SP1 Microsoft XML Core Services 5.0 Microsoft XML Core Services 4.0 Microsoft XML Core Services 3.0 SP7 Microsoft XML Core Services 3.0 SP5 Microsoft XML Core Services 3.0 SP4 Microsoft XML Core Services 3.0 SP3 Microsoft XML Core Services 3.0 Microsoft XML Core Services 2.6 Microsoft XML Core Services 2.5 SP1 Microsoft XML Core Services 2.5 Microsoft Windows XP Tablet PC Edition SP2 Microsoft Windows XP Tablet PC Edition SP1 Microsoft Windows XP Tablet PC Edition Microsoft Windows XP Professional x64 Edition Microsoft Windows XP Professional SP2 Microsoft Windows XP Professional SP1 Microsoft Windows XP Professional Microsoft Windows XP Media Center Edition SP2 Microsoft Windows XP Media Center Edition SP1 Microsoft Windows XP Media Center Edition Microsoft Windows XP Home SP2 Microsoft Windows XP Home SP1 Microsoft Windows XP Home Microsoft Windows XP 64-bit Edition Version 2003 SP1 Microsoft Windows XP 64-bit Edition Version 2003 Microsoft Windows XP 64-bit Edition SP1 Microsoft Windows XP 64-bit Edition Microsoft Windows XP 0 Microsoft Windows Server 2003 Web Edition SP1 Beta 1 Microsoft Windows Server 2003 Web Edition SP1 Microsoft Windows Server 2003 Web Edition Microsoft Windows Server 2003 Standard x64 Edition Microsoft Windows Server 2003 Standard Edition SP1 Beta 1 Microsoft Windows Server 2003 Standard Edition SP1 Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 Enterprise x64 Edition Microsoft Windows Server 2003 Enterprise Edition Itanium SP1 Beta 1 Microsoft Windows Server 2003 Enterprise Edition Itanium SP1 Microsoft Windows Server 2003 Enterprise Edition Itanium 0 Microsoft Windows Server 2003 Enterprise Edition SP1 Beta 1 Microsoft Windows Server 2003 Enterprise Edition SP1 Microsoft Windows Server 2003 Enterprise Edition Microsoft Windows Server 2003 Datacenter x64 Edition Microsoft Windows Server 2003 Datacenter Edition Itanium SP1 Beta 1 Microsoft Windows Server 2003 Datacenter Edition Itanium SP1 Microsoft Windows Server 2003 Datacenter Edition Itanium 0 Microsoft Windows Server 2003 Datacenter Edition SP1 Beta 1 Microsoft Windows Server 2003 Datacenter Edition SP1 Microsoft Windows Server 2003 Datacenter Edition Microsoft Windows NT Workstation 4.0 SP6a Microsoft Windows NT Workstation 4.0 SP6 Microsoft Windows NT Workstation 4.0 SP5 Microsoft Windows NT Workstation 4.0 SP4 Microsoft Windows NT Workstation 4.0 SP3 Microsoft Windows NT Workstation 4.0 SP2 Microsoft Windows NT Workstation 4.0 SP1 Microsoft Windows NT Workstation 4.0 Microsoft Windows NT Terminal Server 4.0 SP6a Microsoft Windows NT Terminal Server 4.0 SP6 Microsoft Windows NT Terminal Server 4.0 SP5 Microsoft Windows NT Terminal Server 4.0 SP4 Microsoft Windows NT Terminal Server 4.0 SP3 Microsoft Windows NT Terminal Server 4.0 SP2 Microsoft Windows NT Terminal Server 4.0 SP1 Microsoft Windows NT Terminal Server 4.0 Microsoft Windows NT Server 4.0 SP6a Microsoft Windows NT Server 4.0 SP6 Microsoft Windows NT Server 4.0 SP5 Microsoft Windows NT Server 4.0 SP4 Microsoft Windows NT Server 4.0 SP3 Microsoft Windows NT Server 4.0 SP2 Microsoft Windows NT Server 4.0 SP1 Microsoft Windows NT Server 4.0 Microsoft Windows NT Enterprise Server 4.0 SP6a Microsoft Windows NT Enterprise Server 4.0 SP6 Microsoft Windows NT Enterprise Server 4.0 SP5 Microsoft Windows NT Enterprise Server 4.0 SP4 Microsoft Windows NT Enterprise Server 4.0 SP3 Microsoft Windows NT Enterprise Server 4.0 SP2 Microsoft Windows NT Enterprise Server 4.0 SP1 Microsoft Windows NT Enterprise Server 4.0 Microsoft Windows ME Microsoft Windows 98SE Microsoft Windows 98 Microsoft Windows 95 Microsoft Windows 2000 Server SP4 Microsoft Windows 2000 Server SP3 Microsoft Windows 2000 Server SP2 Microsoft Windows 2000 Server SP1 Microsoft Windows 2000 Server Microsoft Windows 2000 Professional SP4 Microsoft Windows 2000 Professional SP3 Microsoft Windows 2000 Professional SP2 Microsoft Windows 2000 Professional SP1 Microsoft Windows 2000 Professional Microsoft Windows 2000 Datacenter Server SP4 Microsoft Windows 2000 Datacenter Server SP3 Microsoft Windows 2000 Datacenter Server SP2 Microsoft Windows 2000 Datacenter Server SP1 Microsoft Windows 2000 Datacenter Server Microsoft Windows 2000 Advanced Server SP4 Microsoft Windows 2000 Advanced Server SP3 Microsoft Windows 2000 Advanced Server SP2 Microsoft Windows 2000 Advanced Server SP1 Microsoft Windows 2000 Advanced Server |
| Not Vulnerable: | |
Discussion
RETIRED: Microsoft November Advance Notification Multiple Vulnerabilities
Microsoft has released advance notification that the vendor will be releasing six security bulletins for Windows and Microsoft XML Core Services on November 14, 2006. The highest severity rating for these issues is 'Critical'.
Further details about these issues are not currently available. Individual BIDs will be created for each issue; this record will be removed when the security bulletins are released.
These vulnerabilities have been assigned to the following BIDs:
21023 Microsoft Windows Client Service For Netware Remote Code Execution Vulnerability
20984 Microsoft Client Service for Netware Denial of Service Vulnerability
20047 Microsoft Internet Explorer Daxctle.OCX KeyFrame Method Heap Buffer Overflow Vulnerability
19738 Microsoft Internet Explorer Daxctle.OCX Spline Method Heap Buffer Overflow Vulnerability
21020 Microsoft Internet Explorer HTML Rendering Remote Code Execution Vulnerability
21034 Microsoft Agent ActiveX Control Remote Code Execution Vulnerability
18583 Microsoft Office Embedded Shockwave Flash Object Security Bypass Weakness
19980 Adobe Flash Player Multiple Remote Code Execution Vulnerabilities
18894 Macromedia Flash Malformed SWF File Multiple Vulnerabilities
20985 Microsoft Windows Workstation Service NetpManageIPCConnect Remote Code Execution Vulnerability
20915 Microsoft XML Core Service XMLHTTP ActiveX Control Remote Code Execution Vulnerability
Microsoft has released advance notification that the vendor will be releasing six security bulletins for Windows and Microsoft XML Core Services on November 14, 2006. The highest severity rating for these issues is 'Critical'.
Further details about these issues are not currently available. Individual BIDs will be created for each issue; this record will be removed when the security bulletins are released.
These vulnerabilities have been assigned to the following BIDs:
21023 Microsoft Windows Client Service For Netware Remote Code Execution Vulnerability
20984 Microsoft Client Service for Netware Denial of Service Vulnerability
20047 Microsoft Internet Explorer Daxctle.OCX KeyFrame Method Heap Buffer Overflow Vulnerability
19738 Microsoft Internet Explorer Daxctle.OCX Spline Method Heap Buffer Overflow Vulnerability
21020 Microsoft Internet Explorer HTML Rendering Remote Code Execution Vulnerability
21034 Microsoft Agent ActiveX Control Remote Code Execution Vulnerability
18583 Microsoft Office Embedded Shockwave Flash Object Security Bypass Weakness
19980 Adobe Flash Player Multiple Remote Code Execution Vulnerabilities
18894 Macromedia Flash Malformed SWF File Multiple Vulnerabilities
20985 Microsoft Windows Workstation Service NetpManageIPCConnect Remote Code Execution Vulnerability
20915 Microsoft XML Core Service XMLHTTP ActiveX Control Remote Code Execution Vulnerability
Exploit / POC
RETIRED: Microsoft November Advance Notification Multiple Vulnerabilities
Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]
Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]
Solution / Fix
RETIRED: Microsoft November Advance Notification Multiple Vulnerabilities
Solution:
Microsoft plans to release fixes to address these issues on November 14, 2006.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Microsoft plans to release fixes to address these issues on November 14, 2006.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
RETIRED: Microsoft November Advance Notification Multiple Vulnerabilities
References:
References: